Exam Profile: EC-Council 312-50: Certified Ethical Hacker (v6.1)

Date: Apr 13, 2011

Return to the article

The Certified Ethical Hacker v6.1 exam is a vendor neutral certification exam that certifies individuals in the processes of ethical hacking, also known as defensive hacking. In order to be an effective ethical hacker (white hat), you must learn to think like an offensive hacker (black hat), which includes gaining a deep understanding of the tools and methods involved. Once you start to look at your networks and systems from the perspective of someone out to cause havoc or harm, you will be better prepared to implement the appropriate countermeasures and monitoring systems.

Exam Details

• Number of questions: 150

This is a linear exam, so you can easily move backward to examine a previous question if needed and then go forward again to where you left off. Question can be flagged for review after submitting all answers, providing the opportunity to look over those questions again before submitting the exam for grading.

• Types of questions: Multiple choice, with text and images as part of the question material.

Due to the unique content and nature of this exam, you should expect questions that utilize code and script samples, firewall and IDS logs, web server logs, packet captures and other items both graphically and through text representations. The official training course and the current preparation guides will give you a good feel for the type information you can reasonably expect to see in the questions.

• Passing score: 70%
• Time limit: 240 minutes

Use your time wisely. You should have more than enough time to answer each question and still have more than enough left over to review flagged items. Make use of the flag for review to give yourself another chance to look over questions you were undecided on originally. Do not be afraid to go backwards within the exam if you see something later on that you think might help you answer an earlier question.

• How to register: Prometric and VUE; note that the exam number will vary between them:
• Exam 312-50: VUE testing centers and Prometric Accredited Training Centers (ATC).
• Exam EC0-350: Authorized Prometric Testing Centers (APTC) globally.

In order to register for the exam, you will need to have either attended an official training course for CEH at an accredited training center or obtain an experience waiver if utilizing self-study. The exam is given the last day during official training courses. If applying for the waiver, you will need to complete an application form and attach a letter from your organization documenting two or more years of information security experience. You will also need to purchase a voucher from the EC Council to use for exam registration. The eligibility form to apply for the experience waiver is currently located here, though it may change as CEH v7 is being released shortly.

Trouble Spots

Common trouble areas people will mention when preparing for this exam include some of the following, which you may want to spend a bit of extra time preparing:

• Laws related to hacking
• The hacking methodology; i.e., the steps to hacking and what is being done when (and why!)
• Common ports for services and malware
• TCP flags, their order, purpose and usage
• ICMP types and codes
• Linux tools for hacking and defending
• Cryptography in general (symmetric, asymmetric, hashing, etc.)

Preparation Hints

There are two general types of information for the CEH exam: that which you must memorize, and that which you should understand the concepts for and be able to reason your way through. As an example, you should be familiar enough with looking at code and script samples to be able to figure out (at a basic level) what is occurring with the exploit being presented. You do not need to be a rock-star C programmer or Perl scripter, but you should at least be able to read the code and make sense out of it. The same basic theory holds true for examining packet captures, IDS logs and web server logs. The courseware and the review guides will present several variations on this theme, so if you are not familiar with this type of analysis from your previous knowledge or work experience, you should be able to get up to speed in this area.

In regards to that information which you must really memorize, make use of the Cheat Sheet Exercises that complement Stephen DeFino’s official resource guide. There really is no better starting point out there for listing those items you must just flat out memorize.

In order to be fully prepared for this exam, and more importantly to become a competent and effective ethical hacker, spend plenty of time using Back Track 4 and the tools it contains.

Lastly, community sites such as The Ethical Hacker Network exist that can provide tremendous amounts of support, encouragement, and question answering.

Recommended Study Resources

There are only two current published resources available to use if you will be self-studying for the CEH exam:

• CEH Certified Ethical Hacker Study Guide by Kimberly Graves, ISBN 978-0470525203 (April 2010)
• Official Certified Ethical Hacker Review Guide by Stephen DeFino, ISBN 978-1435488533 (November 2009)
• Cheat Sheet Exercises (complements the guide by Stephen DeFino)

There are several other, older, CEH study guides available, though you may not want to depend on them for your review, as they are for the previous (v5) version of the CEH exam.

The EC Council has also published a five book series that will provide a deeper level of coverage on the topics covered in the CEH exam, but it is not necessarily required to purchase or read these strictly for exam preparation:

• Ethical Hacking and Countermeasures: Web Applications and Data Servers, ISBN 978-1435483620 (September 2009)
• Ethical Hacking and Countermeasures: Threats and Defense Mechanisms, ISBN 978-1435483613 (September 2009)
• Ethical Hacking and Countermeasures: Attack Phases, ISBN 978-1435483606 (September 2009)
• Ethical Hacking and Countermeasures: Secure Network Infrastructures, ISBN 978-1435483651 (September 2009)
• Ethical Hacking and Countermeasures: Linux, Macintosh and Mobile Systems, ISBN 978-1435483644 (September 2009)

If you decide to self-study, the courseware is available to purchase separately from the EC Council’s online store.

ExamForce provides a full practice exam solution for the CEH. The guides listed above from Graves and DeFino include practice exams as well, with the Graves book also having a CD with additional practice exams.

You should also download and look over the CEH program guide, which is found here.

Exam Objectives

The exam covers the current objectives (obtained directly from the online reference):

Module 01: Introduction to Ethical Hacking

• Understand the issues plaguing the information security world
• Understand various hacking terminologies
• Understand the basic elements of information security
• Understand the security, functionality and ease of use triangle
• List the 5 stages of ethical hacking
• Understand the different type of hacker attacks
• Define hactivism and understand the classification of hackers
• Understand who is an ethical hacker
• How do you become an ethical hacker
• List the profile of a typical ethical hacker
• Understand vulnerability research and list the various vulnerability research tools
• Describe the ways to conduct ethical hacking
• What are the different ways an ethical hacker tests a target network

Module 02: Hacking Laws

• Understand the U.S Federal Laws related to Cyber Crime
  • 18 U.S.C. § 1029
  • 18 U.S.C. § 1030
  • 18 U.S.C. § 1362
  • 18 U.S.C. § 1831
  • 18 U.S.C. § 2318
  • 18 U.S.C. § 2320
  • 18 U.S.C. § 2510 et seq
  • 18 U.S.C. § 2701 et seq
  • 47 U.S.C. § 605
  • Understand the SPY ACT
  • Washington: RCW 9A.52.110
  • Florida: § 815.01 to 815.07
  • Indiana: IC 35-43
  • Federal Managers Financial Integrity Act of 1982
  • The Freedom of Information Act: 5 U.S.C. § 552
  • Federal Information Security Management Act (FISMA)
  • The Privacy Act Of 1974: 5 U.S.C. § 552a
  • USA Patriot Act of 2001
  • Government Paperwork Elimination Act (GPEA)
• Understand the Cyber Crime Law in Mexico
  • Section 30-45-5—Unauthorized computer use
• Understand the Cyber Crime Laws in Brazil
  • Art. 313-A : Entry of false data into the information system
  • Art. 313-B : Unauthorized modification or alteration of the information system
• Understand the Cyber Crime Law in Canada
  • Canadian Criminal Code Section 342.1
• Understand the Cyber Crime Laws in the United Kingdom
  • Computer Misuse Act 1990
  • Police and Justice Act 2006
• Understand the Cyber Crime Law in Europe
  • Section 1 - Substantive Criminal Law
• Understand the Cyber Crime Law in Belgium
  • Computer Hacking Article 550(b)
• Understand the Cyber Crime Law in Denmark
  • Penal Code Section 263
• Understand the Cyber Crime Laws in France
  • Article 323-1
  • Article 323-2
• Understand the Cyber Crime Laws in Germany
  • Penal Code Section 202a. Data Espionage
  • Penal Code Section 303a: Alteration of Data
• Understand the Cyber Crime Law in Greece
  • Criminal Code Article 370C§2
• Understand the Cyber Crime Law in Italy
  • Penal Code Article 615 ter: Unauthorized access into a computer or telecommunication systems
• Understand the Cyber Crime Law in Italy
  • Criminal Code Article 138a
• Understand the Cyber Crime Laws in Norway
  • Penal Code § 145
  • Penal Code §145b
  • Penal Code § 151 b
• Understand the Cyber Crime Laws in Switzerland
  • Article 143b
  • Article 144b
• Understand the Cyber Crime Law in Australia
  • The Cybercrime Act 2001
• Understand the Cyber Crime Law in India
  • The Information Technology Act, 2000
• Understand the Cyber Crime Law in Japan
  • Law No. 128 of 1999
• Understand the Cyber Crime Law in Singapore
  • Chapter 50A: Computer misuse Act
• Understand the Cyber Crime Laws in Korea
  • Chapter VI Stability of the Information and Communications Network: Article 48, Article 49
  • Chapter IX Penal Provisions: Article 61
• Understand the Cyber Crime Law in Malaysia
  • Computer Crimes Act 1997
• Understand the Cyber Crime Law in Hong Kong
  • Telecommunication Law

Module 03: Footprinting

• Define the term Footprinting
• Understand the areas and information that hackers seek
• Describe information gathering methodology
• Understand passive information gathering
• Understand competitive intelligence and its need
• Role of financial websites in footprinting
• Role of job portals in footprinting
• Understand DNS enumeration
• Understand Whois, ARIN lookup , Nslookup
• Identify different types of DNS records
• Understand how traceroute is used in Footprinting
• Role of search engines in footprinting
• Understand how e-mail tracking works
• Understand how web spiders work
• List the steps to fake a website

Module 04: Google Hacking

• Understand the term Google Hacking
• Understand the Google Hacking Database
• How can hackers take advantage of the Google Hacking Database
• Understand the basics of Google Hacking
• Being anonymous using Cache
• How can Google be used as a proxy server
• Understand directory listings
• Understand server versioning
• Understand directory traversal
• Understand incremental substitution
• Understand the advanced Google operators
• How to locate exploits and find targets
• How to track down web servers, login portals and network hardware
• Understand the various Google Hacking Tools

Module 05: Scanning

• Define the term port scanning, network scanning and vulnerability scanning
• Understand the objectives of scanning
• Understand the CEH scanning methodology
• Understand Ping Sweep techniques
• Understand the Firewalk tool
• Understand Nmap command switches
• Understand the three way handshake
• Understand the following Scans: SYN, Stealth, XMAS, NULL, IDLE, FIN, ICMP Echo, List, TCP Connect, Full Open, FTP Bounce, UDP, Reverse Ident, RPC, Window
• Understand FloppyScan
• List TCP communication flag types
• Understand War dialing techniques
• Understand banner grabbing using OS fingerprinting, Active Stack Fingerprinting, Passive Fingerprinting and other techniques and tools
• Understand vulnerability scanning using BidiBlah and other hacking tools
• Draw network diagrams of vulnerable hosts using various tools
• Understand how proxy servers are used in launching an attack
• How does anonymizers work
• Understand HTTP tunneling techniques
• Understand IP spoofing techniques
• Understand various scanning countermeasures

Module 06: Enumeration

• Understand the system hacking cycle
• Understand Enumeration and its techniques
• Understand null sessions and its countermeasures
• Understand SNMP enumeration and its countermeasures
• Describe the steps involved in performing enumeration

Module 07: System Hacking

• Understand the different types of password
• Understand the different types of password attacks
• Understand password cracking techniques
• Understand Microsoft Authentication mechanism
• Describe password sniffing
• Identifying various password cracking tools
• What are the various password cracking countermeasures
• Understand privilege escalation
• Understand keyloggers and other spyware technologies
• Understand different ways to hide files
• Understanding rootkits
• How do you identify rootkits, list the steps for the same
• Understand Alternate Data Streams
• Understand Steganography technologies
• Understand how to covering your tracks and erase evidences

Module 08: Trojans and Backdoors

• What is a Trojan
• Understand overt and covert channels
• Understand working of Trojans
• List the different types of Trojans
• What do Trojan creators look for
• List the different ways a Trojan can infect a system
• What are the indications of a Trojan attack?
• Identify the ports used by Trojan
• Identify listening ports using netstat
• What is meant by “wrapping”
• Understand Reverse Shell Trojan
• Understand ICMP tunneling
• Understand various classic Trojans
• Understand how “Netcat” Trojan works
• Understand the Trojan horse constructing kit
• Understand Trojan detection techniques
• Understand Trojan evading techniques
• How to avoid a Trojan infection

Module 09: Viruses and Worms

• Understand virus and its history
• Characteristics of a virus
• How does a virus work
• Understand the motive behind writing a virus
• Symptoms of virus attack
• What is a virus hoax
• Understand the difference between a virus and a worm
• Understand the life cycle of virus
• Understand the types of viruses
• How a virus spreads and infects the system
• Understand the storage pattern of virus
• Understand various types of classic virus found in the wild
• Virus writing technique
• Virus construction kits
• Understand antivirus evasion techniques
• Understand Virus detection methods

Module 10: Sniffers

• Understand sniffing and protocols vulnerable to it
• Discuss types of sniffing
• Understand Address Resolution Protocol (ARP)
• How does ARP Spoofing work
• Understand active and passive sniffing
• Understand ARP poisoning
• Understand MAC duplicating
• Understand ethereal capture and display filters
• Understand MAC flooding
• Understand DNS spoofing techniques
• Describe sniffing countermeasures

Module 11: Social Engineering

• What is Social Engineering
• Understand human weakness
• List the different types of social engineering
• Understand Dumpster Diving
• Understand Reverse Social Engineering
• Understand Insider attacks and its countermeasures
• Understand Social Engineering threats and defense
• Understand Identity Theft
• Describe Phishing Attacks
• Understand Online Scams
• Understand URL obfuscation
• Understand social engineering on social networking sites
• Social Engineering countermeasures

Module 12: Phishing

• Understand phishing and reasons for its success
• Different types of phishing
• Explain the process of phishing
• List different types of phishing attacks
• List the anti-phishing tools and countermeasures

Module 13: Hacking Email Accounts

• List different ways to get information related to e-mail accounts
• Understand various e-mail hacking tools
• How to create strong passwords for e-mail accounts
• Explain Sign-in Seal

Module 14: Denial of Service

• Understand Denial of Service(DoS) attacks
• What is the goal of a DoS attack
• Impact and modes of DoS attack
• Types of attacks
• Classify different types of DoS attacks
• Understand various tools used to launch DoS attacks
• Understand botnets and their use
• List the types of bots and their mode of infection
• Understand how DDoS attack works
• Characteristics of a DDoS attack
• Explain the Agent-Handler Model and DDoS IRC Model
• Understand Reflective DNS attacks
• How to conduct a DDoS attack
• Understand Reflected DoS attack
• Describe the DoS/DDoS countermeasures

Module 15: Session Hijacking

• Understand session hijacking
• Understand spoofing vs. hijacking
• What are the steps to perform session hijacking
• List the types in session hijacking
• Understand session hijacking levels
• Understand sequence number prediction
• Describe countermeasure to session hijacking

Module 16: Hacking Webservers

• Understand the working of a webserver
• How are webservers compromised
• Understand web server defacement
• Understand the attacks against web servers
• List the types of web server vulnerabilities
• Understand IIS Unicode exploits
• Understand patch management techniques
• Understand Web Application Scanner
• What is Metasploit Framework
• Understand various webserver testing tools
• Understand patch management
• List best practices for patch management
• Describe Web Server hardening methods
• Webserver protection checklist

Module 17: Web Application Vulnerabilities

• Understand the working of a web application
• Objectives of web application hacking
• Anatomy of an attack
• Understand various web application threats and its countermeasures
• Understand various web application hacking tools

Module 18: Web Based Password Cracking Techniques

• Understand authentication and authentication mechanisms
• Rules to select a good password
• Things to avoid while selecting passwords
• How to protect passwords
• How hackers get hold of passwords
• What is a Password Cracker?
• How does a Password Cracker work
• Modus operandi of an attacker using password cracker
• Understand Password Attacks—Classification
• Understand Password Cracking Countermeasures

Module 19: SQL Injection

• What is SQL injection
• Understand the steps to conduct SQL injection
• Understand various SQL injection techniques
• Understand SQL Server vulnerabilities
• How to test for SQL injection vulnerabilities
• Understand various SQL injection tools
• Understand Blind SQL injection and its countermeasures
• Understand SQL Injection countermeasures
• How to protect web sites from SQL injection attacks

Module 20: Hacking Wireless Networks

• Understand wireless network architecture
• Differentiate between wireless and wired network
• What are the effects of wireless networks on business
• Understand the types of wireless networks
• List the advantage and disadvantage of wireless network
• Understand various wireless standards
• Understand various wireless concepts and devices
• Overview of WEP, WPA, WPA2 authentication systems and cracking techniques
• Overview of wireless Sniffers and SSID, MAC Spoofing
• Understand Rogue Access Points
• Understand wireless hacking techniques
• Understand TKIP, LEAP
• Understand MAC Sniffing, AP Spoofing, MITM, DoS attacks
• Understand phone jammers
• How to detect a wireless network
• Understand various wireless hacking tools
• List the steps to hack a wireless network
• Understand WIDZ and RADIUS
• Describe the methods in securing wireless networks

Module 21: Physical Security

• Physical security breach incidents
• Understanding physical security
• Need for physical security
• Who is accountable for physical security
• Factors affecting physical security
• Physical security checklist for organizations
• Authentication mechanisms
• How to fake fingerprints
• Understand wiretapping
• Understand lock picking
• Understanding wireless and laptop security
• Laptop security countermeasures
• Understand mantrap, TEMPEST
• List the challenges in ensuring physical security
• Understand spyware technology

Module 22: Linux Hacking

• What is the need for a Linux Operating System
• Linux distributors
• Understand the basic commands of Linux
• Understand the Linux file structure and networking commands
• List the directories in Linux
• Understand how to install, configure and compile a Linux Kernel
• Understand installing a Kernel patch
• Understand GCC compilation commands
• List vulnerabilities in Linux
• Why is Linux hacked
• How to apply patches to vulnerable programs
• Understand password cracking in Linux
• Understand IP Tables
• Basic Linux Operating System Defense
• Understand how to install LKM modules
• Understand AIDE
• Understand Linux hardening methods

Module 23: Evading IDS, Honeypots and Firewalls

• Understand Intrusion Detection Systems (IDS)
• Where to place an IDS
• Ways to detect an intrusion
• Understand the types of IDS
• Understand System Integrity Verifiers
• Understand True/False, Positive/Negative
• Signature analysis in an IDS
• List the general indications of a possible intrusion
• Steps to perform after IDS detects attack
• List the IDS evasion techniques
• Understand firewall and its working
• List the type of firewalls
• Understand firewalking, banner grabbing
• IDS and Firewall testing tool
• What is a honeypot
• List the types of honeypots, advantage and disadvantage
• Honeypot placement
• Differentiate between physical and virtual honeypots
• Countermeasures to hack attacks

Module 24: Buffer Overflows

• Why are programs/applications vulnerable to buffer overflow
• Understand buffer overflows and reasons for attacks
• List the knowledge required to program buffer overflow exploits
• Understand stacks, heaps, NOPS
• Identify the different types of buffer overflows and methods of detection
• Understand assembly language
• Overview of shellcode
• Overview of buffer overflow mutation techniques
• Writing buffer overflow programs in C
• Buffer overflow code analysis

Module 25: Cryptography

• Overview of cryptography and encryption techniques
• Understand cryptographic algorithms
• Describe how public and private keys are generated
• Overview of MD5, SHA, RC4, RC5, Blowfish algorithms
• Understand digital signature
• List the components of a digital signature
• Method of digital signature technology
• Application of digital signature
• Understand digital signature standard
• Digital signature algorithm
• Overview of digital certificates
• Understand code breaking methodologies
• Understand cryptanalysis
• List the cryptography attacks

Module 26: Penetration Testing Methodologies

• Overview of penetration testing methodologies
• Understand security assessments
• Understand vulnerability assessment and its limitation
• Understand types of penetration testing
• Understand risk management
• Outsourcing penetration testing service
• List the penetration testing steps
• Overview of the Pen-Test legal framework
• Overview of the Pen-Test deliverables
• List the automated penetration testing tools
• Best practices
• Phases of penetration testing

Where to Go from Here

The CEH exam is an excellent exam in its own right, but it forms the foundation of a higher-level certification from the EC Council: the Licensed Penetration Tester (LPT). In order to obtain the LPT certification, you must (currently) pass the EC Council Certified Security Analyst (ECSA) exam, which is a more advanced ethical hacking certification that covers 47 different objectives. After successfully passing both the CEH and ECSA, you must complete the LPT application and return it along with a police background check from the FBI or equivalent agency for your country, along with the fee of $500 USD. The LPT is good for years, after which you must renew annually with the EC Council.

© 2024 Pearson Education, Pearson IT Certification. All rights reserved.

800 East 96th Street, Indianapolis, Indiana 46240